PT-2014-2218 · Red Hat · Red Hat Jboss Operations Network

David Jorm · Published 2014-02-14 · Updated 2014-02-14 · CVE-2012-1100

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Operations Network (JON) versions 2.4.2 and earlier, 3.0.x before 3.0.1

Description

The issue allows remote attackers to log in to LDAP-based accounts by supplying an arbitrary password in a login request when LDAP authentication is enabled and the LDAP bind account credentials are invalid.

Recommendations

For versions 2.4.2 and earlier, update to version 2.4.2 or later to resolve the issue. For versions 3.0.x before 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider disabling LDAP authentication until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-1100

Affected Products

Red Hat Jboss Operations Network